mirror of
https://github.com/jokob-sk/NetAlertX.git
synced 2026-03-30 23:03:03 -07:00
63 lines
2.0 KiB
YAML
63 lines
2.0 KiB
YAML
# Expected outcome: Container fails to start due to unwritable nginx config partition
|
|
# - SYSTEM_SERVICES_ACTIVE_CONFIG shows as mounted but unwritable (❌ in Writeable column)
|
|
# - 35-nginx-config.sh detects permission error and exits with code 1
|
|
# - Container startup fails because nginx configuration cannot be written for custom ports
|
|
services:
|
|
netalertx:
|
|
network_mode: host
|
|
build:
|
|
context: ../../../
|
|
dockerfile: Dockerfile
|
|
image: netalertx-test
|
|
container_name: netalertx-test-mount-active_config_unwritable
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- NET_BIND_SERVICE
|
|
environment:
|
|
LISTEN_ADDR: 0.0.0.0
|
|
PORT: ${PORT:-9999} # Use non-default port to test all paths
|
|
APP_CONF_OVERRIDE: ${GRAPHQL_PORT:-26212}
|
|
ALWAYS_FRESH_INSTALL: true
|
|
NETALERTX_DEBUG: 0
|
|
NETALERTX_CHECK_ONLY: ${NETALERTX_CHECK_ONLY:-1}
|
|
SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
|
|
|
|
volumes:
|
|
- type: volume
|
|
source: test_netalertx_data
|
|
target: /data
|
|
read_only: false
|
|
- type: tmpfs
|
|
target: /tmp/log
|
|
tmpfs:
|
|
size: 64m
|
|
mode: 1777
|
|
options: noexec,nosuid,nodev,async,noatime,nodiratime
|
|
- type: tmpfs
|
|
target: /tmp/api
|
|
tmpfs:
|
|
size: 64m
|
|
mode: 1777
|
|
options: noexec,nosuid,nodev,async,noatime,nodiratime
|
|
- type: tmpfs
|
|
target: /tmp/run
|
|
tmpfs:
|
|
size: 64m
|
|
mode: 1777
|
|
options: noexec,nosuid,nodev,async,noatime,nodiratime
|
|
- type: volume
|
|
source: test_system_services_active_config
|
|
target: /tmp/nginx/active-config
|
|
read_only: true
|
|
tmpfs:
|
|
# Ensure /tmp is a writable tmpfs for the app user; mode 1777 to support su-exec drop.
|
|
- /tmp:uid=20211,gid=20211,mode=1777,noexec,nosuid,nodev,size=64m
|
|
volumes:
|
|
test_netalertx_data:
|
|
test_system_services_active_config: |